Ride the Lightning
Cybersecurity and Future of Law Practice Blog
by Sharon D. Nelson Esq., President of Sensei Enterprises, Inc.
How Do You Confont Your Accuser When Your Accuser is Software?
April 21, 2011
Bruce Schneier, in his excellent Schneier on Secuity blog, recently had a post that fundamentally asks how you can exercise your right to confront your accuser when your accuser is software.
The truth is, courts (and almost everyone else) tend to trust the output of software. Computers may not lie in the conventional sense, but they sure do make mistakes. As all programmers know "garbage in, garbage out." There is also a problem with "experts" incorrectly interpreting the data that is generated – this happens all the time in computer forensics. There are many reasons for data to be either wrong or incorrectly interpreted, but rarely is the validity of computer generated data challenged.
To quote Bruce, "It's not just the RIAA suing people — and getting it wrong — based on automatic systems to detect and identify file sharers. It's forensic programs used to collect and analyze data from computers and smart phones. It's audit logs saved and stored by ISPs and websites. It's location data from cell phones. It's e-mails and IMs and comments posted to social networking sites. It's tallies from digital voting machines. It's images and meta-data from surveillance cameras. The list goes on and on. We in the security field know the risks associated with trusting digital data, but this evidence is routinely assumed by courts to be accurate."
Hear, hear. This is a serious problem – and I hope the courts become more receptive to ensuring that electronically generated data is in fact trustworthy.
http://twitter.com/sharonnelsonesq
Listen to the Podcast
